On my Linux box, I want to make some ports stealth, but I still want to be able to use those ports without needing to edit the firewall. Making a port stealth is easy with a rule like
iptables -I INPUT -p tcp --dport 80 -j DROP
but implementing that also drops incoming traffic if a service is listening on that port. I want something like
iptables -I INPUT -p tcp --no-socket-listening -j DROP
that only drops incoming traffic if no socket is listening on a port. How can I do that?
NB I’m aware I can open selected ports with the right iptables rules, but that requires manually editing the firewall whenever a program opens a listening socket and requires root access to do, which I don’t want.
